Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual page 195

Chapter 10 Configuring Blocking
Type the user profile name that you created in
Step 4
sensor(config-net-cat)# profile-name user_profile_name
Note
Designate the method used to access the sensor:
Step 5
sensor(config-net-cat)# communication [telnet | ssh-des/ | sh-3des]
If unspecified, SSH 3DES is used.
Note
Step 6 Specify the sensor's NAT address:
sensor(config-net-cat)# nat-address nat_address
Note
Specify the VLAN number:
Step 7
sensor(config-net-cat)# block-vlans vlan_number
(Optional) Add the pre-VACL name:
Step 8
sensor(config-net-cat-blo)# pre-vacl-name pre_vacl_name
(Optional) Add the post-VACL name:
Step 9
sensor(config-net-cat-blo)# post-vacl-name post_vacl_name
Step 10 Exit network access submode:
sensor(config-net-cat-blo)# exit
sensor(config-net-cat)# exit
sensor(config-net)# exit
sensor(config)# exit
Apply Changes:?[yes]:
Step 11 Press Enter to apply the changes or type
78-16527-01
Network Access Controller accepts anything you type. It does not check to see if the logical
device exists.
If you are using DES or 3DES, you must use the command ssh host-key ip_address to accept
the key or Network Access Controller cannot connect to the device. For the procedure, see
Adding Hosts to the Known Hosts List, page
This changes the IP address in the first line of the ACL from the sensor's address to the NAT
address. This is not a NAT address configured on the device being managed. It is the address the
sensor is translated to by an intermediate device, one that is between the sensor and the device
being managed.
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
Configuring User Profiles, page
4-31.
to discard them.
no
Configuring Blocking Devices
10-17.
10-23